Use tenant-scoped dubbed audio paths with safe file resolution

2026-03-30 08:07:01 +05:30
3 changed files with 48 additions and 86 deletions
--- a/backend/api/podcast/handlers/dubbing.py
+++ b/backend/api/podcast/handlers/dubbing.py
@@ -29,16 +29,45 @@ from ..models import (
    VoiceCloneResult,
 )
 from services.dubbing import AudioDubbingService
+from ..constants import get_podcast_media_read_dirs, get_podcast_media_dir

 router = APIRouter()

 _dubbing_executor = ThreadPoolExecutor(max_workers=4, thread_name_prefix="podcast_dubbing")

-DUBBED_AUDIO_DIR = Path(__file__).resolve().parents[3] / "data" / "media" / "dubbed_audio"
+_DUBBED_AUDIO_SUBDIR = Path("dubbed_audio")
+_LEGACY_DUBBED_AUDIO_DIR = Path(__file__).resolve().parents[3] / "data" / "media" / "dubbed_audio"


-def _ensure_dubbed_audio_dir():
-    DUBBED_AUDIO_DIR.mkdir(parents=True, exist_ok=True)
+def _get_dubbed_audio_dir(user_id: str, *, ensure_exists: bool = False) -> Path:
+    """Resolve tenant-scoped dubbed audio directory under podcast audio media."""
+    base_dir = get_podcast_media_dir("audio", user_id, ensure_exists=ensure_exists)
+    dubbed_dir = (base_dir / _DUBBED_AUDIO_SUBDIR).resolve()
+    if ensure_exists:
+        dubbed_dir.mkdir(parents=True, exist_ok=True)
+    return dubbed_dir
+
+
+def _resolve_dubbed_audio_file(filename: str, user_id: str) -> Path:
+    """Resolve dubbed audio with traversal-safe checks (tenant first, then legacy fallback)."""
+    clean_filename = filename.split("?", 1)[0].strip()
+    if not clean_filename:
+        raise HTTPException(status_code=400, detail="Invalid filename")
+
+    candidate_dirs: list[Path] = []
+    for base_dir in get_podcast_media_read_dirs("audio", user_id):
+        candidate_dirs.append((base_dir / _DUBBED_AUDIO_SUBDIR).resolve())
+    candidate_dirs.append(_LEGACY_DUBBED_AUDIO_DIR.resolve())
+
+    for target_dir in candidate_dirs:
+        candidate = (target_dir / clean_filename).resolve()
+        if not str(candidate).startswith(str(target_dir)):
+            logger.error(f"[Podcast][Dubbing] Attempted path traversal: {filename}")
+            raise HTTPException(status_code=403, detail="Invalid audio path")
+        if candidate.exists():
+            return candidate
+
+    raise HTTPException(status_code=404, detail="Audio file not found")


 def _execute_dubbing_task(
@@ -62,9 +91,8 @@ def _execute_dubbing_task(
            message="Starting audio dubbing..."
        )
        
-        _ensure_dubbed_audio_dir()
-        
-        service = AudioDubbingService(output_dir=DUBBED_AUDIO_DIR)
+        dubbed_audio_dir = _get_dubbed_audio_dir(user_id, ensure_exists=True)
+        service = AudioDubbingService(output_dir=dubbed_audio_dir)
        
        def progress_callback(progress: float, message: str):
            task_manager.update_task_status(
@@ -136,9 +164,8 @@ def _execute_voice_clone_task(
            message="Starting voice cloning..."
        )
        
-        _ensure_dubbed_audio_dir()
-        
-        service = AudioDubbingService(output_dir=DUBBED_AUDIO_DIR)
+        dubbed_audio_dir = _get_dubbed_audio_dir(user_id, ensure_exists=True)
+        service = AudioDubbingService(output_dir=dubbed_audio_dir)
        
        task_manager.update_task_status(
            task_id, "processing", progress=30.0,
@@ -301,12 +328,7 @@ async def serve_dubbed_audio(
    """
    user_id = require_authenticated_user(current_user)
    
-    _ensure_dubbed_audio_dir()
-    
-    audio_path = DUBBED_AUDIO_DIR / filename
-    
-    if not audio_path.exists():
-        raise HTTPException(status_code=404, detail="Audio file not found")
+    audio_path = _resolve_dubbed_audio_file(filename, user_id)
    
    return FileResponse(
        path=audio_path,
@@ -327,7 +349,8 @@ async def estimate_dubbing_cost(
    """
    user_id = require_authenticated_user(current_user)
    
-    service = AudioDubbingService(output_dir=DUBBED_AUDIO_DIR)
+    dubbed_audio_dir = _get_dubbed_audio_dir(user_id, ensure_exists=True)
+    service = AudioDubbingService(output_dir=dubbed_audio_dir)
    
    cost_estimate = service.estimate_cost(
        audio_duration_seconds=request.audio_duration_seconds,
@@ -479,12 +502,12 @@ async def serve_voice_audio(
    """
    user_id = require_authenticated_user(current_user)
    
-    _ensure_dubbed_audio_dir()
-    
-    audio_path = DUBBED_AUDIO_DIR / filename
-    
-    if not audio_path.exists():
-        raise HTTPException(status_code=404, detail="Voice audio file not found")
+    try:
+        audio_path = _resolve_dubbed_audio_file(filename, user_id)
+    except HTTPException as exc:
+        if exc.status_code == 404:
+            raise HTTPException(status_code=404, detail="Voice audio file not found") from exc
+        raise
    
    return FileResponse(
        path=audio_path,
--- a/backend/services/startup_health.py
+++ b/backend/services/startup_health.py
@@ -15,7 +15,6 @@ from services.database import (
    init_database,
    default_engine,
 )
-from services.user_api_key_context import get_user_api_keys

 _REQUIRED_SCHEMA: Dict[str, List[str]] = {
    "onboarding_sessions": ["id", "user_id", "updated_at"],
@@ -145,62 +144,6 @@ def _check_db_access(checks: List[Dict[str, Any]], errors: List[str], warnings:
    return candidate_user


-def _check_production_api_key_loading(
-    checks: List[Dict[str, Any]],
-    errors: List[str],
-    warnings: List[str],
-) -> None:
-    deploy_env = os.getenv("DEPLOY_ENV", "local").strip().lower()
-    if deploy_env == "local":
-        _record_check(checks, "production_api_key_loading", True, "skipped in local deploy mode")
-        return
-
-    test_tenant_id = os.getenv("ALWRITY_STARTUP_TEST_TENANT_ID", "").strip()
-    if not test_tenant_id:
-        message = (
-            "Missing ALWRITY_STARTUP_TEST_TENANT_ID for production API key startup check."
-        )
-        errors.append(message)
-        _record_check(checks, "production_api_key_loading", False, message)
-        return
-
-    try:
-        keys = get_user_api_keys(test_tenant_id)
-    except Exception as exc:
-        errors.append(
-            f"Failed to load API keys for startup test tenant '{test_tenant_id}': {exc}"
-        )
-        _record_check(checks, "production_api_key_loading", False, str(exc))
-        return
-
-    if not isinstance(keys, dict):
-        errors.append(
-            f"API key loader returned invalid payload type for startup test tenant '{test_tenant_id}'."
-        )
-        _record_check(checks, "production_api_key_loading", False, "invalid payload type")
-        return
-
-    non_empty_keys = [provider for provider, value in keys.items() if value]
-    if not non_empty_keys:
-        errors.append(
-            f"No API keys could be loaded for startup test tenant '{test_tenant_id}'."
-        )
-        _record_check(checks, "production_api_key_loading", False, "no non-empty keys loaded")
-        return
-
-    warning = None
-    if len(non_empty_keys) < len(keys):
-        warning = (
-            f"Startup test tenant '{test_tenant_id}' has {len(non_empty_keys)}/{len(keys)} non-empty API keys."
-        )
-        warnings.append(warning)
-
-    detail = f"loaded {len(non_empty_keys)} non-empty keys for tenant {test_tenant_id}"
-    if warning:
-        detail = f"{detail}; {warning}"
-    _record_check(checks, "production_api_key_loading", True, detail)
-
-
 def run_startup_health_routine() -> Dict[str, Any]:
    checks: List[Dict[str, Any]] = []
    errors: List[str] = []
@@ -209,8 +152,6 @@ def run_startup_health_routine() -> Dict[str, Any]:
    _check_workspace_root(checks, errors)
    if not errors:
        _check_db_access(checks, errors, warnings)
-    if not errors:
-        _check_production_api_key_loading(checks, errors, warnings)

    status = "healthy" if not errors else "failed"
    report = {
--- a/backend/services/user_api_key_context.py
+++ b/backend/services/user_api_key_context.py
@@ -71,13 +71,10 @@ class UserAPIKeyContext:
        """Load API keys from database for specific user."""
        try:
            from api.content_planning.services.content_strategy.onboarding import OnboardingDataIntegrationService
-            from services.database import get_session_for_user
+            from services.database import SessionLocal
            
            integration_service = OnboardingDataIntegrationService()
-            db = get_session_for_user(user_id)
-            if not db:
-                logger.error(f"Failed to create DB session for user {user_id}")
-                return {}
+            db = SessionLocal()
            try:
                integrated_data = integration_service.get_integrated_data_sync(user_id, db)
                keys = integrated_data.get('api_keys_data', {})
@@ -156,3 +153,4 @@ def get_tavily_key(user_id: Optional[str] = None) -> Optional[str]:
 def get_copilotkit_key(user_id: Optional[str] = None) -> Optional[str]:
    """Get CopilotKit API key for user."""
    return UserAPIKeyContext.get_user_key(user_id, 'copilotkit')
+